Brandon

Posts posted by Brandon

  1. Story published by Secunia

    Source: Peter Vreugdenhil

    Peter Vreugdenhil has reported a vulnerability in McAfee SecurityCenter, which potentially can be exploited by malicious people to compromise a vulnerable system.

    The vulnerability is caused due to an error in restricting the browser domain in which the "mcinsctl.dll" ActiveX control can be instantiated. The control contains the "MCINSTALL.McLog" object that can be used to write to a log file. This can be exploited to create or append to arbitrary files, potentially allowing arbitrary code execution by creating files in the user's startup folder.

    Successful exploitation requires that the user is e.g. tricked into visiting a malicious website.

    The vulnerability has been reported in "mcinsctl.dll" version 4.0.0.83 that is included with McAfee VirusScan. Other products that contain the vulnerable ActiveX control may also be affected.

    Solution:

    The vulnerability has reportedly been fixed via automatic update.

    Secunia Advisory

  2. Story published by Secunia

    Source: Alex Wheeler

    Alex Wheeler has reported a vulnerability in Symantec AntiVirus, which potentially can be exploited by malicious people to compromise a vulnerable system.

    The vulnerability is caused due to a boundary error in Dec2Rar.dll when copying data based on the length field in the sub-block headers of a RAR archive. This can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a malicious RAR archive is scanned.

    The vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and potentially affects all Symantec products that use the DLL.

    Solution:

    The vendor is currently investigating the issue and working on an update. Refer to the original advisory for more information on the list of affected products.

    An antivirus-based protection signature has been added on 2005-12-20 via LiveUpdate to detect potential exploits of the vulnerability.

    Secunia Advisory

  3. Story published by Websense Security Labs

    Source: Websense Security Labs

    Websense Security Labs is seeing a large increase in the number of websites and emails that use deception and/or browser vulnerabilities to install potentially unwanted software. The common theme among these threats is the use of lures of possible spyware infections on your machine. In some cases, the scam actually reports fraudulent information regarding the security of your PC.

    In many cases they also request money in return for cleaning the outlined security problems (we have seen as much as $500 per year).

    Over the last 2 weeks, we have identified more than 1500 sites that have some (or all) of the following criteria:

    • They are hosted in Ukraine and Russia
    • The website domain names are registered in countries like Vanuatu and Mexico
    • IP netblocks hosting sites are often hosting other questionable sites such as fraudulent search engines
    • IP netblocks have been hosting malicious code such as Trojan horse downloaders, droppers, and hosts-file redirection software
    • Malicious code that modifies DNS settings has used these netblocks for DNS resolving
    • Downloaded code often includes several pieces of spyware, adware, and other potentially unwanted software
    • Removing the software often requires you to fill out a survey
    • Several of the sites contain links to other sites that are hosting IE exploit code

    (See site for example screenshots)

    Websense Advisory

  4. Story published by Secunia

    Source: Maksymilian Arciemowicz

    Maksymilian Arciemowicz has discovered a security issue in phpBB, which can be exploited by malicious people to conduct script insertion attacks.

    Input passed in the message body when posting isn't properly sanitised before being used. This can be exploited to inject arbitrary JavaScript code, which will be executed in a user's browser session in context of an affected site when the malicious post is viewed.

    Example:

    <B C=">" onmouseover="

    " X="<B "> H E L O </B>

    Successful exploitation requires that "Allow HTML" is enabled (not default setting).

    It is also possible to disclose the full path to "admin/admin_disallow.php" by accessing it directly with the "setmodules" parameter set to "1" (requires that "register_globals" is enabled).

    The security issue has been confirmed in version 2.0.18. Other versions may also be affected.

    Solution:

    Set "Allow HTML" to "No".

    Secunia Advisory
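Why a `>` inside a quoted attribute value gets past tag filtering, as an added example that is not part of the original post and is not phpBB's code. `naive_filter` is a hypothetical regex-based filter, the `b`/`i`/`u` allow-list and the `alert(1)` handler body are assumptions, and `strict_filter` shows an escape-first alternative that never lets attributes through.

```python
import html
import re
from html.parser import HTMLParser

ALLOWED = ("b", "i", "u")  # assumed allow-list of formatting tags

# Constructed sample shaped like the advisory's example; the handler body is a placeholder.
POST = '<B C=">" onmouseover="alert(1)" X="<B "> H E L O </B>'

# Weak pattern: the first '>' ends the tag, even when it sits inside a quoted value.
TAG = re.compile(r"<(/?)(\w+)([^>]*)>")
ON_ATTR = re.compile(r"""\s+on\w+\s*=\s*("[^"]*"|'[^']*'|\S+)""", re.I)
BARE = re.compile(r"&lt;(/?)(%s)&gt;" % "|".join(ALLOWED), re.I)


def naive_filter(message):
    """Hypothetical filter: escape unknown tags, strip on* attributes from allowed ones."""
    def rewrite(m):
        close, name, attrs = m.groups()
        if name.lower() not in ALLOWED:
            return html.escape(m.group(0))
        return "<%s%s%s>" % (close, name, ON_ATTR.sub("", attrs))
    return TAG.sub(rewrite, message)


def strict_filter(message):
    """Escape everything, then re-enable only attribute-free allowed tags."""
    return BARE.sub(r"<\1\2>", html.escape(message, quote=True))


class _Handlers(HTMLParser):
    """Collects event-handler attributes the way a quote-aware HTML parser sees them."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        self.found += [(tag, name) for name, _ in attrs if name.startswith("on")]


def event_handlers(markup):
    parser = _Handlers()
    parser.feed(markup)
    parser.close()
    return parser.found


if __name__ == "__main__":
    print("naive :", event_handlers(naive_filter(POST)))
    print("strict:", event_handlers(strict_filter(POST)))
```

The naive filter sees `<B C=">` and `<B ">` as two harmless tags with text between them, while a quote-aware parser sees one `B` element that carries the handler.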

  5. A security issue has been reported in Trend Micro PC-cillin Internet Security, which can be exploited by malicious, local users to bypass certain security restrictions or gain escalated privileges.

    The vulnerability is caused due to insecure default file permissions being set on the installed files. This allows any user on the system to remove the files or replace them with malicious binaries.

    Successful exploitation allows disabling the protection or execution of arbitrary code with SYSTEM privileges.

    The security issue has been reported in Trend Micro PC-cillin Internet Security 2005 version 12.00 build 1244. Other versions may also be affected.

    Solution:

    The security issue has reportedly been fixed in version 12.4.

    Advisory

  6. Websense® Security Labs™ has received reports of an email scam disguised as a patch for McAfee products. Users receive a spoofed email message instructing them to click on a link to immediately download and install a patch from McAfee. This patch claims to address a virus that does not exist. The link in the email takes users to a fraudulent website that appears to be the legitimate McAfee security site.

    The patch hosted on this page is actually a Trojan downloader.

    The malicious site is hosted in the United States and was online at the time of this alert.

    Alert